Addressing Security Concerns

Meanwhile, mashups represent a revolution in Web application
development, where end users can assemble situational applications
within the browser by drag-and-drop assembly of pre-built Web
components (widgets and feeds) onto a mashup canvas. However, mashups
represent a security challenge due to the risk of potentially malicious
third-party components.

The alliance has produced OpenAjax Hub
1.1, which provides an industry-standard secure mashup runtime that
isolates third-party widgets into security sandboxes and mediates
messaging among the widgets with a security manager. OpenAjax Hub 1.1
will be delivered as both an open specification and a commercial-grade
open-source reference implementation.
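
The mediation half of that design, shown in JavaScript as an added illustration (not code from the article or from the OpenAjax Hub reference implementation): every publish and subscribe passes through a hub that consults a per-widget policy before anything is delivered. The class name, policy shape, widget ids and topic names are assumptions made for the example, and the sandboxing of widget code itself is not shown.

```javascript
// Added illustration; MediatedHub, the policy shape, widget ids and topics are
// hypothetical and are not the OpenAjax Hub API.
class MediatedHub {
  constructor(policy) {
    this.policy = policy; // security manager rules: widgetId -> allowed topics
    this.subs = new Map(); // topic -> [{ widgetId, handler }]
    this.denied = []; // audit trail of refused operations
  }
  // A widget only ever holds this handle, bound to its own id, so it cannot
  // publish or subscribe under another widget's identity.
  connect(widgetId) {
    return Object.freeze({
      subscribe: (topic, handler) => this.subscribe(widgetId, topic, handler),
      publish: (topic, data) => this.publish(widgetId, topic, data),
    });
  }
  allowed(action, widgetId, topic) {
    const ok = (this.policy[widgetId]?.[action] ?? []).includes(topic);
    if (!ok) this.denied.push({ action, widgetId, topic });
    return ok;
  }
  subscribe(widgetId, topic, handler) {
    if (!this.allowed("subscribe", widgetId, topic)) return false;
    this.subs.set(topic, [...(this.subs.get(topic) ?? []), { widgetId, handler }]);
    return true;
  }
  publish(widgetId, topic, data) {
    if (!this.allowed("publish", widgetId, topic)) return 0;
    const wire = JSON.stringify(data); // receivers get a copy, never a live reference
    const targets = (this.subs.get(topic) ?? []).filter((s) => s.widgetId !== widgetId);
    targets.forEach((s) => s.handler(topic, JSON.parse(wire), widgetId));
    return targets.length;
  }
}
// Constructed scenario: a feed may publish quotes, a chart may read them, and an
// untrusted third-party widget has no rights on that topic.
function demo() {
  const hub = new MediatedHub({
    stockFeed: { publish: ["quotes.update"] },
    chart: { subscribe: ["quotes.update"] },
    adWidget: {},
  });
  const [feed, chart, ad] = ["stockFeed", "chart", "adWidget"].map((id) => hub.connect(id));
  const seen = [];
  chart.subscribe("quotes.update", (topic, data, from) => seen.push({ from, data }));
  const adSub = ad.subscribe("quotes.update", () => seen.push("leak"));
  const adPub = ad.publish("quotes.update", { sym: "IBM", px: 0 });
  const delivered = feed.publish("quotes.update", { sym: "IBM", px: 101.5 });
  return { seen, adSub, adPub, delivered, denied: hub.denied };
}
```

The `denied` list is what a mashup host would log or alert on: each entry records which widget attempted which action on which topic.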

"Today's announcements from the Alliance illustrate how OpenAjax is
evolving from the consumer space into the enterprise by being able to
run mashups, widgets and gadgets in AJAX applications," said David
Boloker, OpenAjax Alliance Steering Committee chairman and chief
technology officer for Emerging Internet Technology, IBM.

The alliance includes within its OpenAjax Metadata standard
the ability to define "mashable widgets," where widgets identify the
properties that they share with other widgets and the messages that
they can publish and receive from other widgets.

To speed industry adoption of its mashup technologies, the alliance
has produced both an industry XML format for "mashable widgets" and an
open-source mashup application that demonstrates all of its mashup
technologies working together, Ferraiolo said.

The mashable widget format is upwardly compatible with the OpenAjax
widget format used to document widgets within an AJAX library, thereby
allowing AJAX widget libraries to be "mashup-ready." The open-source
mashup application provides reusable open-source code for processing the
OpenAjax Metadata standard for mashable widgets. The mashup application
also demonstrates integration of OpenAjax Hub 1.1 in order to provide a
secure mashup runtime. The alliance has also developed an open-source
widget repository that supports the OpenSearch standard, OpenAjax
Alliance officials said.

"The mashup work at OpenAjax Alliance will help accelerate the time
when end-user mashups will become a mainstream part of Web application
development," said Stewart Nickolas, chair of the Gadgets Task Force
and distinguished engineer at IBM. "The alliance has addressed both the
widget interoperability problem facing the industry with its widget
standard that is in OpenAjax Metadata and with the open-source mashup
runtime in OpenAjax Hub 1.1."

"IBM is thrilled to see the OpenAjax Alliance provide specifications
to increase interoperability between industry-supplied widgets and
tooling metadata. We are incorporating these specifications into
Rational Application Developer," said Karen Hunt, director of
Development Tools, IBM Rational Software. "The OpenAjax metadata
support in Rational Application Developer will enable support for
adding widgets to the palette, allowing the widgets to be in the
drag-and-drop WYSIWYG page designer editor. In addition, the latest
specification will help ensure that the Dojo Widgets we make available
can interoperate with Google Gadgets, Microsoft Gadgets and
others."

Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.